Use cases for different AuthorizedKeysCommand and AuthorizedKeysFile orders

Jochen Bern Jochen.Bern at binect.de
Wed Jul 21 19:09:12 AEST 2021


On 20.07.21 12:50, Xiaoguang WANG wrote:
> * The authorized_keys file is only used for emergency use.
> * Every login is checked by authorized keys command (it can use other
> servers to auth through the network), and the command can return
> "force nologin" to disable the keys in authorized_keys.
> * In emergency cases (e.g.: network failure, or command corruption), the
> emergency key in authorized_keys can still be used to recover the
> system.

I don't know how much effort OpenSSH spends on making the
AuthorizedKeysCommand API failsafe, but just on general principle,
*shouldn't* an AuthorizedKeysFile "for emergencies" be considered
*before* an AuthorizedKeysCommand that may be affected (indefinite
hang?) by said emergency?

Otherwise: You IMHO could point AuthorizedKeysFile to an empty file and
replace the current AuthorizedKeysCommand by something like

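#!/bin/sh
# Emergency keys to offer in addition to the command's output
F="/the/ACTUAL/file/with_the/emergency.pubkeys"
# Run the original command first, passing sshd's arguments through unchanged
/the/original/AuthorizedKeysCommand "$@"
X=$?
if [ -r "$F" ]; then
   # Append the emergency keys, then pass on the original command's exit status
   cat "$F"
   exit "$X"
else
   logger "Emergency config $F is missing or unreadable!!"
   exit 1
fi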

to get the order you want. (Assuming a unixoid system, that is.)

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
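
An added example, not part of the original message or of OpenSSH: a variant of the wrapper that uses the order raised in the first paragraph (emergency keys before the command) and bounds the command's run time, so a hang cannot hold back the emergency keys. Assumptions: a `timeout` utility (coreutils) is installed, sshd only honours helper output when the helper exits 0, and the script name `akc-wrapper` and the 5-second limit are hypothetical.

```shell
#!/bin/sh
# Added example: emergency keys first, then the real command under a time limit.
# Paths, the 5-second limit and the installed script name are placeholders.

warn() {
    # Log to syslog if logger exists; never let logging break the key lookup.
    logger -t akc-wrapper "$1" 2>/dev/null || true
}

# emit_keys EMERGENCY_FILE TIMEOUT_SECS COMMAND [ARGS...]
emit_keys() {
    emergency=$1
    limit=$2
    shift 2

    # 1. Emergency keys go out first and do not depend on the command at all.
    if [ -r "$emergency" ]; then
        cat "$emergency"
    else
        warn "Emergency config $emergency is missing or unreadable"
    fi

    # 2. Run the original command with a bound on its run time. Its output is
    #    buffered, so a timeout or crash never leaves a partial key line behind.
    if keys=$(timeout "$limit" "$@"); then
        [ -z "$keys" ] || printf '%s\n' "$keys"
    else
        warn "AuthorizedKeysCommand failed or timed out (status $?)"
    fi

    # 3. Always succeed (assumption: sshd discards the output of a helper
    #    that exits non-zero, which would drop the emergency keys too).
    return 0
}

# Run only when installed under this (hypothetical) name.
case "${0##*/}" in
    akc-wrapper) emit_keys /the/ACTUAL/file/with_the/emergency.pubkeys 5 \
                     /the/original/AuthorizedKeysCommand "$@" ;;
esac
```

With this order the command can no longer veto the emergency keys, which is the trade-off against the "force nologin" behaviour asked for in the quoted message.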
